Data center security systems and devices

ABSTRACT

Embodiments of the present invention are directed to systems, devices, lockable enclosures, and methods for data centers. In one example, a lockable enclosure for a data drive is provided. The lockable enclosure includes a housing configured to retain a first data drive and a latch contained within the housing and configured to receive a second data drive, wherein the latch is configured to move within the housing for dispensing the first data drive from the housing while the second data drive remains secured therein.

CROSS REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of priority to U.S. ProvisionalApplication No. 63/213,538, filed Jun. 22, 2021, U.S. ProvisionalApplication No. 63/216,255, filed on Jun. 29, 2021, U.S. ProvisionalApplication No. 63/229,126, filed on Aug. 4, 2021 and U.S. ProvisionalApplication No. 63/237,400, filed on Aug. 26, 2021, the entire contentsof each of which are hereby incorporated by reference.

FIELD OF THE INVENTION

Embodiments of the present invention relates generally to accessmanagement, electronic locks, systems, devices, lockable enclosures, andmethods for data centers.

BACKGROUND

Data centers utilize a variety of media to transfer and store variousinformation. Because the media may contain sensitive or confidentialinformation, it is desirable to ensure that the media is secure and thatthere is an adequate chain of custody for anyone accessing the media.

BRIEF SUMMARY

Embodiments of the present invention are directed towards a lockableenclosure for a data drive. The lockable enclosure comprises a housingconfigured to house a first data drive, the first data drive configuredto be removed from the housing. The lockable enclosure also includes alatch contained within the housing and configured to receive a seconddata drive, wherein the latch is configured to move within the housingfor dispensing the first data drive from the housing while the seconddata drive remains secured therein.

In another embodiment, a lockable enclosure for a data drive isprovided. The lockable enclosure includes a housing configured tocontain a first data drive, the first data drive configured to beremoved from the housing. The housing is configured to receive a seconddata drive, and the first data drive is only configured to be removedfrom the housing when the second data drive is secured therein.

In another embodiment, a method for securing and dispensing data drives.The method includes providing a housing containing a first data drive,the first data drive configured to be removed from the housing. Themethod further includes inserting a second data drive within the housingand dispensing the first data drive from the housing only when thesecond data drive is secured within the housing.

In some embodiments, a security system for a data center is provided.The security system includes a plurality of electronic keys and aplurality of media drives configured to be removably connected to arespective electrical component of a server rack, each of the mediadrives configured to communicate with any one of the electronic keys forenabling the media drive to communicate with the component. In aspectsof the security system, each of the media drives is a USB drive with aUSB connector. In other aspects, each of the media drives is the samesize and configuration as an SSD drive. In some cases, each of the mediadrives comprises a connector configured to move between a retractedposition and an extended position relative to the media drive, and theconnector is configured to be removably connected to the electricalcomponent. In other cases, the security system also includes one or moreremote devices configured to communicate with the plurality ofelectronic keys and/or the media drives in a cloud network. In oneaspect, each of the media devices comprises a unique identifier, andeach of the electronic keys is configured to obtain the uniqueidentifier from the media device when the media device is enabled. Inanother aspect, each of the media drives is configured to be disabledupon removal from the respective electrical component. In yet anotheraspect, each of the media drives has a disabled mode whereby the mediadrive is incapable of communicating with the component, and each of themedia drives is configured to communicate with one of the electronickeys in the disabled mode for enabling the media drive to communicatewith the respective component.

In another embodiment, a security device for a data center is provided.The security device comprises a media drive configured to be removablyconnected to a component of a server rack, the media drive having adisabled mode whereby the media drive is incapable of communicating withthe component, the media drive is configured to communicate with a keyin the disabled mode for enabling the media drive to communicate withthe component. In some aspects, the media drive is a USB drive with aUSB connector. In another aspect, the media drive is the same size andconfiguration as an SSD drive. In one example, the media drive comprisesa connector configured to move between a retracted position and anextended position relative to the media drive, and wherein the connectoris configured to be removably connected to the component.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1A shows an embodiment of a security system and method including aprogrammable electronic key, a security device, a programming stationand a charging station according to an embodiment of the invention.

FIG. 1B is an enlarged view showing the programmable electronic key ofFIG. 1A positioned on the programming station of FIG. 1A to beprogrammed with a security code.

FIG. 2 further shows the system and method of FIG. 1A with theprogrammable electronic key positioned to operate the security device.

FIG. 3A further shows the system and method of FIG. 1A with theprogrammable electronic key disposed on the charging station.

FIG. 3B is an enlarged view showing the programmable electronic key ofFIG. 1A positioned on the charging station of FIG. 1A to recharge apower source disposed within the key.

FIG. 4 is an enlarged view showing the security device of the system andmethod of FIG. 1A.

FIG. 5 is an enlarged view showing the programmable electronic key ofthe system and method of FIG. 1A in greater detail.

FIG. 6 is an exploded view of the programmable electronic key of FIG. 5.

FIG. 7A is a perspective view of the programmable electronic key of FIG.5 .

FIG. 7B is an end view of the programmable electronic key of FIG. 5 .

FIG. 8 is a perspective view showing a lengthwise cross-section of theprogrammable electronic key of FIG. 5 .

FIG. 9A is a top view showing the charging station of the system andmethod of FIG. 1A.

FIG. 9B is a perspective view showing a diagonal cross-section of thecharging station of FIG. 9A taken along the line 9B-9B.

FIG. 10 shows another embodiment of a security system and methodincluding a programmable electronic key, a security device, aprogramming station and a charging station according to an embodiment ofthe invention.

FIG. 11 is an enlarged view showing the programmable electronic key ofFIG. 10 positioned on the charging station of FIG. 10 to recharge apower source disposed within the key.

FIG. 12 is an enlarged view showing the security device of the systemand method of FIG. 10 .

FIG. 13 is an enlarged view showing the programmable electronic key ofthe system and method of FIG. 10 in greater detail.

FIG. 14 is a perspective view showing a pair of matched coils for usewith the programmable electronic key and the security device of FIG. 10.

FIG. 15A is a perspective view of the programmable electronic key ofFIG. 13 .

FIG. 15B is an end view of the programmable electronic key of FIG. 13 .

FIG. 16 is a perspective view showing a lengthwise cross-section of theprogrammable electronic key of FIG. 13 .

FIG. 17A is a top view showing the charging station of the system andmethod of FIG. 10 .

FIG. 17B is a perspective view showing a diagonal cross-section of thecharging station of FIG. 17A taken along the line 17B-17B.

FIG. 18 illustrates a system comprising a server rack and a lockaccording to an embodiment of the invention.

FIG. 19 illustrates a system comprising a server rack and a lockconfigured to communicate with a remote device according to anembodiment of the invention.

FIG. 20 is a perspective view of a lockable enclosure and a secure binaccording to one embodiment.

FIG. 21 are perspective views of the lockable enclosure shown in FIG. 20showing the sequence of securing the media in the lockable enclosureaccording to one embodiment.

FIG. 22 are perspective views of the lockable enclosure and media shownin FIG. 20 .

FIG. 23 is a front view of the lockable enclosure and media shown inFIG. 20 .

FIG. 24 is a front view of the lockable enclosure shown in FIG. 20 and aremote device prior to securing the media according to one embodiment.

FIG. 25 is a front view of the lockable enclosure shown in FIG. 20 priorto locking the media therein according to one embodiment.

FIG. 26 is a front view of the lockable enclosure shown in FIG. 20 and aremote device prior to locking the lockable enclosure according to oneembodiment.

FIG. 27 is a front view of the lockable enclosure FIG. 20 with the medialocked therein according to one embodiment.

FIG. 28 is a front view of the lockable enclosure shown in FIG. 20 and aremote device after locking the lockable enclosure according to oneembodiment.

FIG. 29 is another front view of the lockable enclosure shown in FIG. 20.

FIG. 30 is a front view of the lockable enclosure shown in FIG. 20 and aremote device after detecting a tamper attempt according to oneembodiment.

FIG. 31 is a perspective view of a USB drive according to oneembodiment.

FIG. 32 are perspective views of the USB drive shown in FIG. 31 indifferent states.

FIG. 33 are perspective views of the USB drive shown in FIG. 31 prior toremoval of the USB connector according to one embodiment.

FIG. 34 is a perspective view of the USB drive shown in FIG. 31 incommunication with an electronic key according to one embodiment.

FIG. 35 show perspective views of a lockable enclosure according toanother embodiment.

FIG. 36 are perspective views of the lockable enclosure shown in FIG. 35showing the sequence of securing the media in the lockable enclosureaccording to one embodiment.

FIG. 37 are side views of the lockable enclosure shown in FIG. 35 .

FIG. 38 are perspective views of the lockable enclosure shown in FIG. 35showing the sequence of securing the media in the lockable enclosureaccording to one embodiment.

FIG. 39 is an elevation view of a lockable enclosure according to oneembodiment.

FIG. 40 is a side view of a lockable enclosure according to oneembodiment.

FIG. 41 is an elevation view of a lockable enclosure with a latch in afirst position according to one embodiment.

FIG. 42 is an elevation view of the lockable enclosure shown in FIG. 41with the latch in a second position.

FIG. 43 is an elevation view of the lockable enclosure shown in FIG. 41with the latch in a first position and housing a new media drive.

FIG. 44 is an elevation view of the lockable enclosure shown in FIG. 41with the latch in a first position and after receiving an old mediadrive.

FIG. 45 is an elevation view of the lockable enclosure shown in FIG. 41with the latch in a second position for dispensing the old media drive.

FIG. 46 is an elevation view of the lockable enclosure shown in FIG. 41with the latch in the second position and housing the old media drive.

FIG. 47 are perspective views of a lockable enclosure in a firstposition and a second position for dispensing a new media driveaccording to one embodiment.

FIG. 48 are perspective views of a lockable enclosure in a firstposition and a second position for dispensing a new media driveaccording to one embodiment.

FIG. 49 are perspective views of a lockable enclosure in a firstposition and a second position for dispensing a new media driveaccording to one embodiment.

FIG. 50 are perspective views of a lockable enclosure in a firstposition and a second position for securing a data drive according toone embodiment.

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

Referring now to the accompanying drawing figures wherein like referencenumerals denote like elements throughout the various views, one or moreembodiments of a security system and method for data centers are shown.In the embodiments shown and described herein, the system and methodinclude an electronic key and a security device. Security devicessuitable for use with the electronic keys include, but are not limitedto, security devices for various types of fixtures, such as server racksfor storing various types and quantities of computer and/or networkequipment or components, such as for example, servers, computers, harddrives, media storage, routers, hubs, network switches, etc. The serverrack may define an enclosure that is configured to secure variouscomputer and/or network equipment or components that is only configuredto be accessed by authorized personnel, such as described in thefollowing embodiments. Of course, embodiments of the present inventionare applicable to any number of security devices for securing variousitems from theft, including those other than with respect to datacenters. Embodiments of the present invention may provide securitydevices for protecting equipment from theft in a data center environmentthat may include valuable data as well as providing various dataregarding accesses or attempted accesses to the equipment. Moreover,although some embodiments disclosed herein are directed to use ofsecurity devices with cabinets, it is understood that any variety offixtures may be used that are configured to house or otherwise secureitems to be secured.

An embodiment of a system and method according to the invention isillustrated in FIGS. 1A-9B. The embodiment of the security system andmethod depicted comprises a programmable electronic key 20, which isalso referred to herein as a security key or an electronic key, and asecurity device 40 that is configured to be operated by the key. Thesystem and method may further comprise an optional programming orauthorization station, indicated generally at 60, that is operable forprogramming the key 20 with a security code, which is also referred toherein as a Security Disarm Code (SDC). The term SDC is not intended tobe limiting, as it may be any code configured to be used to determinewhether the key 20 is authorized to control the security device 40. Inaddition to programming station 60, the system and method may furthercomprise an optional charging station, indicated generally at 80, thatis operable for initially charging and/or subsequently recharging apower source disposed within the key 20. For example, security key 20and security device 40 may each be programmed with the same SDC into arespective permanent memory. The security key 20 may be provisioned witha single-use (e.g., non-rechargeable) power source, such as aconventional or extended-life battery, or alternatively, the key may beprovisioned with a multiple-use (e.g., rechargeable) power source, suchas a conventional capacitor or rechargeable battery. In either instance,the power source may be permanent, semi-permanent (e.g., replaceable),or rechargeable, as desired. In the latter instance, charging station 80is provided to initially charge and/or to subsequently recharge thepower source provided within the security key 20. Furthermore, key 20and/or security device 40 may be provided with only a transient memory,such that the SDC must be programmed (or reprogrammed) at predeterminedtime intervals. In this instance, programming station 60 is provided toinitially program and/or to subsequently reprogram the SDC into the key20. As will be described, key 20 is operable to initially program and/orto subsequently reprogram the security device 40 with the SDC. Key 20 isthen further operable to operate the security device 40 using powertransferred to the security device and/or data communicated with thedevice, as will be described.

In one embodiment of the system and method illustrated in FIGS. 1A-9B,programmable electronic key 20 is configured to be programmed with aunique SDC by the programming station 60. A programming station 60suitable for use with the present invention is shown and described indetail in the commonly owned U.S. Pat. No. 7,737,844 entitledPROGRAMMING STATION FOR A SECURITY SYSTEM FOR PROTECTING MERCHANDISE,the disclosure of which is incorporated herein by reference in itsentirety. As illustrated in FIG. 1A and best shown in enlarged FIG. 1B,the key 20 is presented to the programming station 60 and communicationtherebetween is initiated, for example by pressing a control button 22provided on the exterior of the key. Communication between theprogramming station 60 and the key may be accomplished directly, forexample, by one or more electrical contacts, or indirectly, for exampleby wireless communication. Any form of wireless communication capable oftransferring data between the programming station 60 and key 20 is alsopossible, including without limitation optical transmission, acoustictransmission, or magnetic induction. In the embodiments shown anddescribed herein, communication between programming station 60 and key20 is accomplished by wireless optical transmission, and moreparticularly, by cooperating infrared (IR) transceivers provided in theprogramming station and the key. The components and method of IRcommunication between programming station 60 and key 20 is described ingreater detail in the aforementioned U.S. Pat. No. 7,737,844, andaccordingly, will not be repeated here. For the purpose of describingthe present invention, it is sufficient that the programming stationcomprises at least a logic control circuit for generating or beingprovided with a SDC, a memory for storing the SDC, and a communicationssystem suitable for interacting with the programmable electronic key 20in the manner described herein to program the key with the SDC.

As shown in FIG. 1B, programming station 60 comprises a housing 61configured to contain the logic control circuit that generates the SDC,the memory that stores the SDC, and a communications system, namely anoptical transceiver, for wirelessly communicating the SDC to acooperating optical transceiver disposed within the key 20. In use, thelogic control circuit generates the SDC, which may be a predetermined(e.g., “factory preset”) security code, a serial number, or which may bea security code that is randomly generated by the logic control circuitof the programming station 60 at the time a first key 20 is presented tothe station for programming. In the latter instance, the logic controlcircuit further comprises a random number generator for producing theunique SDC. A series of visual indicators, for example light-emittingdiodes (LEDs) 67 may be provided on the exterior of the housing 61 forindicating the operating status of the programming station. Use of theprogramming station 60 may further require authorization, such as with amechanical lock mechanism, for example, a conventional key and tumblerlock 68, for preventing use of the programming station by anunauthorized person. Alternatively, the programming station 60 mayrequire various other forms of authentication, such as a pin code,biometric identification, facial recognition, etc. in order to activatethe key 20 or otherwise gain access to the key. As shown herein, theprogramming station 60 may be operatively connected to an external powersource by a power cord 70 having at least one conductor. Alternatively,the programming station 60 may comprise an internal power source, forexample an extended-life replaceable battery or a rechargeable battery,for providing power to the logic control circuit and the LEDs 67.

In one example embodiment, the logic control circuit of the programmingstation 60 performs an electronic exchange of data with a logic controlcircuit of the key 20, commonly referred to as a “handshakecommunication protocol.” The handshake communication protocol determineswhether the key is an authorized key that has not been programmedpreviously, or is an authorized key that is being presented to theprogramming station a subsequent time to refresh the SDC. In the eventthat the handshake communication protocol fails, the programming station60 will not provide the SDC to the unauthorized device attempting toobtain the SDC, for example an infrared reader on a counterfeit key.When the handshake communication protocol succeeds, programming station60 permits the SDC randomly generated by the logic control circuitand/or stored in the memory of the station to be transmitted by theoptical transceiver to the cooperating optical transceiver disposedwithin the key 20. As will be readily apparent to those skilled in theart, the SDC may be transmitted from the programming station 60 to thesecurity key 20 alternatively by any other suitable means, includingwithout limitation, electrical contacts or electromechanical,electromagnetic or magnetic conductors, as desired.

As illustrated in FIG. 2 , the security key 20 programmed with the SDCis then positioned to operatively engage the security device 40. In theembodiments shown and described herein, the security device is aconventional cabinet lock that has been modified to be unlocked by theprogrammable electronic key 20. Preferably, the security device 40 is a“passive” device. As used herein, the term passive is intended to meanthat the security device 40 does not have an internal power sourcesufficient to perform any functions (e.g., lock and/or unlock amechanical lock mechanism). Significant cost savings are obtained by aretailer when the security device 40 is passive since the expense of aninternal power source is confined to the security key 20, and one suchkey is able to operate multiple security devices. If desired, thesecurity device 40 may also be provided with a temporary power source(e.g., capacitor or limited-life battery) having sufficient power toactivate an alarm, for example a piezoelectric audible alarm, that isactuated by a sensor, for example a contact, proximity or limit switch,in response to a security breach. The temporary power source may also besufficient to communicate data, for example a SDC, from the securitydevice 40 to the security key 20 to authenticate the security device andthereby authorize the key to provide power to the security device. Withthis embodiment of the present invention, the mechanical lock mechanismis operated by electrical power that is transferred from the key 20 tothe security device 40 via electrical contacts, as will be described.

The security device 40 further comprises a logic control circuit,similar to the logic control circuit disposed within the key 20, adaptedto perform a handshake communication protocol with the logic controlcircuit of the key in essentially the same manner as that between theprogramming station 60 and the key. In essence, the logic controlcircuit of the key 20 and the logic control circuit of the securitydevice 40 communicate with each other to determine whether the securitydevice is an authorized device that does not have a security code, or isa device having a proper (e.g., matching) SDC. The key 20 may beconfigured to initially transfer power to the security device 40 in theevent the security device is a passive device to allow the securitydevice to communicate with the key. In the event the handshakecommunication protocol fails (e.g., the device is not authorized or thedevice has a non-matching SDC), the key 20 will not program the device40 with the SDC, and consequently, the security device will not operate.If the security device 40 was previously programmed with a differentSDC, the device will no longer communicate with the security key 20. Inthe event the handshake communication protocol is successful, thesecurity key 20 permits the SDC stored in the key to be transmitted bythe optical transceiver disposed within the key to a cooperating opticaltransceiver disposed within the security device 40 to program the devicewith the SDC. As will be readily apparent to those skilled in the art,the SDC may be transmitted from the security key 20 to the securitydevice 40 alternatively by any other suitable means, including withoutlimitation, via one or more electrical contacts, or viaelectromechanical, electromagnetic or magnetic conductors, as desired.Furthermore, the SDC may be transmitted by inductive transfer of datafrom the programmable electronic key 20 to the programmable securitydevice 40.

On the other hand, when the handshake communication protocol issuccessful and the security device 40 is an authorized device having thesame (e.g., matching) SDC, the mechanical lock mechanism of the securitydevice 40 may operate using power from the key 20, either power that hadbeen previously transferred by the key and stored by the security deviceand/or by power transmitted by the key to the security device. In theembodiment of FIGS. 1A-9B, electrical contacts disposed on the securitykey 20 electrically couple with cooperating electrical contacts on thesecurity device 40 to transfer power from the internal battery of thekey to the security device. Power may be transferred directly to themechanical lock mechanism, or alternatively, may be transferred to apower circuit disposed within the security device 40 that operates themechanical lock mechanism of the security device and may be configuredto store the power for subsequent operation of the lock mechanism. Inthe embodiment of FIGS. 1A-9B, the cabinet lock 40 is affixed to one ofthe pair of adjacent and overlapping sliding doors 102 of a conventionalcabinet 100. The cabinet 100 typically contains various types ofequipment 110. The doors 102 overlap medially between the ends of thecabinet 100 and the cabinet lock 40 is secured on an elongate lockingarm 104 of a lock bracket 105 affixed to the inner door. In theillustrated example, the key 20 transfers power to an electric motor,such as a DC stepper motor, solenoid, or the like, that unlocks the lockmechanism of the cabinet lock 40 so that the cabinet lock can be removedfrom the arm 104 of the bracket 105 and the doors moved (e.g., slid)relative to one another to access the equipment 110 stored within thecabinet 100. As shown, the arm 104 of the bracket 105 is provided withone-way ratchet teeth 106 and the cabinet lock 40 is provided with acomplimentary ratchet pawls (not shown) in a conventional manner so thatthe key 20 is not required to lock the cabinet lock 40 onto the innerdoor 102 of the cabinet 100. If desired, however, the cabinet lock 40can be configured to require use of the key 20 to both unlock and lockthe cabinet lock.

It will be readily apparent to those skilled in the art that the cabinetlock illustrated herein is but one of numerous types of passive securitydevices 40 that can be configured to be operated by a programmableelectronic key 20 according to the present invention. In any of theaforementioned embodiments, the security device 40 may further comprisean electronic lock mechanism, such as a conventional proximity, limit orcontact switch, including an associated monitoring circuit thatactivates an alarm in response to the switch being actuated or theintegrity of a sense loop monitored by the monitoring circuit beingcompromised. In such embodiments the security device 40 comprises alogic control circuit, or the equivalent, including a memory for storinga SDC, and a communication system for initially receiving the SDC fromthe security key 20 and subsequently communicating with the key toauthenticate the SDC of the key.

As illustrated in FIG. 3A and shown enlarged in FIG. 3B, the securitysystem and method further comprises charging station 80 for initiallycharging and subsequently recharging a rechargeable battery disposedwithin the security key 20. The charging station 80 comprises at leastone charging port 82 sized and shaped to receive a key 20 to be chargedor recharged. As will be described in greater detail with reference toFIGS. 9A and 9B, each charging port 82 comprises at least one magnet 85for securely positioning and retaining the key 20 within the chargingport 82 in electrical contact with the charging station 80. If desired,the charging station 80 may comprise an internal power source, forexample, an extended-life replaceable battery or a rechargeable battery,for providing power to up to four keys 20 positioned within respectivecharging ports 82. Alternatively, and as shown herein, charging station80 may be operatively connected to an external power source by a powercord 90 having at least one conductor. In some embodiments theprogramming station 60 and charging station 80 may be integrated into asingle component.

In some embodiments, the electronic key 20, 120 may include additionalauthentication requirements prior to being used by a user, which may beuseful for chain of custody. For example, the electronic key 20, 120 mayrequire various other forms of authentication, such as a pin code,biometric identification, button presses, facial recognition, etc. inorder to activate the key or otherwise gain access to the key. In somecases, the authentication using the key 20, 120 itself may be used incombination with authentication of the key using the programming station60. For example, a keycode entered by the user at the programmingstation 60 may be used to initially check out a key 20, 120. However,the user may be further required to present his or her fingerprint tothe key 20, 120 (or other authentication using the key itself) beforethe key is capable of being used to control or communicate with asecurity device 40. The user may be required to present his or herfingerprint to the key 20, 120 within a predetermined time window inorder to authorize the key for use. Otherwise, the user may be requiredto return to the programming station 60 to start the check out processover. The key 20, 120 may be configured to store the user's fingerprintin memory and/or access attempts for auditing purposes. The data couldbe communicated to one or more remote devices 250 in some embodiments.In addition, key 20, 120 may be configured to detect and/or recordunauthorized access attempts based on another user attempting to use thekey that does not match the stored fingerprint. In lieu of biometricidentification, other forms of authentication could be used, such as forexample, a “morse code” number of button presses on the key 20, 120.Thus, the user is able to use the key 20, 120 only if the button pressesmatches a predetermined sequence stored by the key.

According to other embodiments, a plurality of keys 20, 120 may berequired in order to control or communicate with a security device 40.In this regard, the security device 40 may include different modes ofoperation, e.g., (i) a single mode where a single key 20, 120 is neededto operate a single security device or (ii) a dual mode where more thanone key is needed to operate a single security device. The securitydevice 40 may be hardcoded with the desired mode of operation, while inother cases mechanical switches or the like could be used to change themode of operation of the security device. In some embodiments, the key20, 120 is configured to provide information regarding the mode ofoperation regardless of the type of security device 40. For example, thekey 20, 120 may be configured to communicate the desired mode to thesecurity device 40. In this way, the key 20, 120 may communicate adual-mode operation to the security device 40, which would require morethan one user to present an authorized key to the security device beforethe security device may be operated. There may be master keys 20, 120 insome cases that are configured to bypass any security devices 40 thatrequire multiple user authentication. In one embodiment, a useridentification code and an SDC is needed prior to controlling thesecurity device 40 using a key 20, 120. For instance, a user may berequired to check out a key 20, 120 using a programming station 60,which would then program the key with the required modes of operationand security devices 40 that the user is able to access. In some cases,the dual-mode setting overrides any single mode of operation. Namely, akey 20, 120 required to operate in dual mode would override any singlemode setting in the lock and vice versa.

In other embodiments, multiple security devices 40 may be configured tosecure a single fixture. For example, in some applications, safety oradditional authorization may be required prior to granting access to afixture. One example of this is a hasp for securing access to circuitbreakers where the hasp is configured to be used with a plurality ofsecurity devices 40, such as padlocks configured to operate with key 20,120. In this instance, a plurality of security devices 40 may be desiredto be used to ensure safety of the technicians, since all securitydevices would need to be unlocked prior to granted access to thefixture. Typically, technicians have no awareness of when the securitydevice 40 has been removed or added. However, using keys 20, 120 wouldallow for sequencing and recording of accesses to the security devices40. For instance, the time stamp of the time the security device 40 wasaccessed and by whom could be recorded. Moreover, access to the fixturemay be combined with other authorization techniques disclosed herein,such as biometric identification on the key 20, 120 and/or multiplemodes of operation of the security device and/or key. In some cases,various levels of alerts may be configured to be provided to thetechnicians, such as via remote devices 250, to the technician's keys20, 120 and/or other portable device.

An available feature of a security system and method according to theinvention is that the logic control circuit of the programmableelectronic key 20 may include a time-out function. More particularly,the ability of the key 20 to transfer data and power to the securitydevice 40 is deactivated after a predetermined time period. By way ofexample, the logic control circuit may be deactivated after about eighthours from the time the key was programmed or last refreshed by theprogramming station 60. Thus, an authorized sales associate typicallymust program or refresh the key 20 assigned to him at the beginning ofeach work shift. Furthermore, the charging station 80 may be configuredto deactivate the logic control circuit of the key 20 (and therebyprevent use of the SDC) when the key is positioned within a chargingport 82. In this manner, the charging station 80 can be made availableto an authorized sales associate in an unsecured location without riskthat a charged key 20 could be removed from the charging station andused to maliciously disarm and/or unlock a security device 40. Thesecurity key 20 would then have to be programmed or refreshed with theSDC by the programming station 60, which is typically monitored ormaintained at a secure location, in order to reactivate the logiccontrol circuit of the key. If desired, the charging station 80 mayalternatively require a matching handshake communication protocol withthe programmable electronic key 20 in the same manner as the securitydevice 40 and the key.

FIG. 4 is an enlarged view showing the embodiment of the security device40 in greater detail. As previously mentioned, a security device 40according to the present invention may utilize electrical power to lockand/or unlock a mechanical lock mechanism, and optionally, furtherincludes an electronic lock mechanism, such as an alarm or a security“handshake.” At the same time, the security device 40 must be a passivedevice in the sense that it does not have an internal power sourcesufficient to operate (e.g., actuate the mechanical lock mechanism). Asa result, the security device 40 must be configured to receive at leastpower, and in some cases, both power and data from an external source,such as the security key 20 shown and described herein. The embodimentof the security device depicted in FIG. 4 is a cabinet lock 40configured to be securely affixed to the locking arm 104 of aconventional cabinet lock bracket 105, as previously described. Thecabinet lock 40 comprises a logic control circuit for performing asecurity handshake communication protocol with the logic control circuitof the security key 20 and for being programmed with the SDC by the key.In other embodiments, the cabinet lock 40 may be configured to transmitthe SDC to the security key 20 to authenticate the security device andthereby authorize the key to transfer power to the cabinet lock. Aspreviously mentioned, the data (e.g., handshake communication protocoland SDC) may be transferred (e.g., transmitted and received) byelectrical contacts, optical transmission, acoustic transmission ormagnetic induction, for example.

The cabinet lock 40 comprises a housing 41 sized and shaped to contain alogic control circuit (not shown) and an internal mechanical lockmechanism (not shown). A transfer port 42 formed in the housing 41 issized and shaped to receive a transfer probe of the security key 20, aswill be described. At least one magnet 45 is disposed within thetransfer port 42 for securely positioning and retaining the transferprobe of the key 20 in electrical contact with electrical contacts ofthe mechanical lock mechanism, and if desired, in electrical contactwith the logic control circuit of the cabinet lock 40. In the embodimentshown and described in FIGS. 1A-9B, data is transferred from thesecurity key 20 to the cabinet lock 40 by wireless communication, suchas by infrared (IR) optical transmission, as shown and described in thecommonly owned U.S. Pat. No. 7,737,843 entitled PROGRAMMABLE ALARMMODULE AND SYSTEM FOR PROTECTING MERCHANDISE, the disclosure of which isincorporated herein by reference in its entirety. Power is transferredfrom the security key 20 to the cabinet lock 40 through electricalcontacts disposed on the transfer probe of the key and correspondingelectrical contacts disposed within the transfer port 42 of the cabinetlock. For example, the transfer port 42 may comprise a metallic outerring 46 that forms one electrical contact, while at least one of themagnets 45 form another electrical contact to complete an electricalcircuit with the electrical contacts disposed on the transfer probe ofthe key 20. Regardless, electrical contacts transfer power from the key20 to the mechanical lock mechanism disposed within the housing 41. Aspreviously mentioned, the power transferred from the key 20 is used tooperate the mechanical lock mechanism, for example utilizing an electricmotor, DC stepper motor, solenoid, or the like, to unlock the mechanismso that the cabinet lock 40 can be removed from the locking arm 104 ofthe lock bracket 105.

FIGS. 5-8 show an embodiment of a security key, also referred to hereinas a programmable electronic key, 20 according to the present invention.As previously mentioned, the security key 20 is configured to transferboth data and power to a security device 40 that comprises an electroniclock mechanism and a mechanical lock mechanism, as previously described.Accordingly, the programmable electronic key 20 must be an “active”device in the sense that it has an internal power source sufficient tooperate the mechanical lock mechanism of the security device 40. As aresult, the programmable electronic key 20 may be configured to transferboth data and power from an internal source disposed within the key, forexample a logic control circuit and a battery. The embodiment of theprogrammable electronic key 20 depicted in FIGS. 5-8 is a security keyconfigured to be received within the transfer port 42 of the cabinetlock 40 shown in FIG. 4 , as well as within the programming port 62 ofthe programming station 60 (FIG. 2 ; FIG. 3A) and the charging port 82of the charging station 80 (FIG. 3B; FIG. 9A; FIG. 9B). The programmableelectronic key 20 comprises a logic control circuit for performing ahandshake communication protocol with the logic control circuit of theprogramming station 60 and for receiving the SDC from the programmingstation, as previously described. The logic control circuit of theprogrammable electronic key 20 further performs a handshakecommunication protocol with the logic control circuit of the securitydevice 40 and transfers the SDC to the device or permits operation ofthe device, as previously described. As previously mentioned, the data(e.g., handshake communication protocol and SDC) may be transferred bydirect electrical contacts, optical transmission, acoustic transmissionor magnetic induction.

As illustrated in FIG. 6 , the programmable electronic key 20 comprisesa housing 21 and an outer sleeve 23 that is removably disposed on thehousing. The housing 21 contains the internal components of the key 20,including without limitation the logic control circuit, memory,communication system and battery, as will be described. A window 24 maybe formed through the outer sleeve 23 for viewing indicia 24A thatuniquely identifies the key 20, or alternatively, indicates a particularserver rack for use with the key. The outer sleeve 23 is removablydisposed on the housing 21 so that the indicia 24A may be altered orremoved and replaced with different indicia. The programmable electronickey 20 may further comprise a detachable “quick-release” type key chainring 30. An opening 26 (FIG. 8 ) is formed through the outer sleeve 23and a key chain ring port 28 is formed in the housing 21 for receivingthe key chain ring 30. The programmable electronic key 20 furthercomprises a transfer probe 25 located at an end of the housing 21opposite the key chain ring port 28 for transferring data and power tothe security device 40, as previously described. The transfer probe 25also transmits and receives the handshake communication protocol and theSDC from the programming station 60, as previously described, andreceives power from the charging station 80, as will be described ingreater detail with reference to FIG. 9A and FIG. 9B.

As best shown in FIG. 8 , an internal battery 31 and a logic controlcircuit, or printed circuit board (PCB) 32 are disposed within thehousing 21 of the programmable electronic key 20. Battery 31 may be aconventional extended-life replaceable battery, but preferably, is arechargeable battery suitable for use with the charging station 80. Thelogic control circuit 32 is operatively coupled and electricallyconnected to a switch 33 that is actuated by the control button 22provided on the exterior of the key 20 through the outer sleeve 23.Control button 22 in conjunction with switch 33 controls certainoperations of the logic control circuit 32, and in particular,transmission of the data to the security device 40. In that regard, thelogic control circuit 32 is further operatively coupled and electricallyconnected to a communication system 34 for transmitting and receivingthe handshake communication protocol and SDC data. In the embodimentshown and described herein, the communication system 34 is a wirelessinfrared (IR) transceiver for optical transmission of data between theprogrammable electronic key 20 and the programming station 60, as wellas between the key 20 and the security device 40. As a result, thetransfer probe 25 of the key 20 is provided with an opticallytransparent or translucent filter window 35 for emitting and collectingoptical transmissions between the key 20 and the programming station 60,or alternatively, between the key 20 and the security device 40, asrequired. Transfer probe 25 further comprises a pair of bi-directionalpower transfer electrical contacts 36, 38 made of an electricallyconductive material for transferring power to the security device 40 andfor receiving power from the charging station 80, as required.Accordingly, electrical contacts 36, 38 are electrically connected tobattery 31, and are operatively coupled and electrically connected tologic control circuit 32 in any suitable manner, for example byconductive insulated wires or plated conductors.

An important aspect of a programmable electronic key 20 according to thepresent invention, especially when used for use in conjunction with asecurity device 40 as described herein, is that the key does not requirea physical force to be exerted by a user on the key to operate themechanical lock mechanism of the security device. By extension, nophysical force is exerted by the key on the mechanical lock mechanism.As a result, the key cannot be unintentionally broken off in the lock,as often occurs with conventional mechanical key and lock mechanisms.Furthermore, neither the key nor and the mechanical lock mechanismsuffer from excessive wear as likewise often occurs with conventionalmechanical key and lock mechanisms. In addition, there is no requiredorientation of the transfer probe 25 of the programmable electronic key20 relative to the charging port 82 of the charging station 80 or thetransfer port 42 of the security device 40. Accordingly, any wear of theelectrical contacts on the transfer probe 25, the charging port 82 orthe transfer port 42 is minimized. As a further advantage, an authorizedperson is not required to position the transfer probe 25 of theprogrammable electronic key 20 in a particular orientation relative tothe transfer port 42 of the security device 40 and thereafter exert acompressive and/or torsional force on the key to operate the mechanicallock mechanism of the device.

FIG. 9A and FIG. 9B show charging station 80 in greater detail. Aspreviously mentioned, the charging station 80 recharges the internalbattery 31 of the programmable electronic key 20, and if desired,deactivates the data transfer and/or power transfer capability of thekey until the key is reprogrammed with the SDC by the programmingstation 60. Regardless, the charging station 80 comprises a housing 81for containing the internal components of the charging station. Theexterior of the housing 81 has at least one, and preferably, a pluralityof charging ports 82 formed therein that are sized and shaped to receivethe transfer probe 25 of the security key 20, as previously described.At least one magnet 85 is disposed within each charging port 82 forsecurely positioning and retaining the transfer probe 25 in electricalcontact with the charging station 80. More particularly, the electricalcontacts 36, 38 of the key 20 are retained within the charging port 82in electrical contact with the magnets 85 and a resilient “pogo” pin 86made of a conductive material to complete an electrical circuit betweenthe charging station 80 and the battery 31 of the key.

As best shown in FIG. 9B, housing 81 is sized and shaped to contain alogic control circuit, or printed circuit board (PCB) 92 that isoperatively coupled and electrically connected to the magnets 85 and thepogo pin 86 of each charging port 82. The pogo pin 86 is depressible tocomplete an electrical circuit as the magnets 85 position and retain theelectrical contacts 36, 38 within the charging port 82. In particular,magnets 85 make electrical contact with the outer ring electricalcontact 36 of the transfer probe 25 of key 20, while pogo pin 86 makeselectrical contact with inner ring electrical contact 38 of the transferprobe. When the pogo pin 86 is depressed and the electrical circuitbetween the charging station 80 and the key 20 is completed, thecharging station recharges the internal battery 31 of the key. Aspreviously mentioned, charging station 80 may comprise an internal powersource, for example, an extended-life replaceable battery or arechargeable battery, for providing power to the key(s) 20 positionedwithin the charging port(s) 82. Alternatively, and as shown herein, thelogic control circuit 92 of the charging station 80 is electricallyconnected to an external power source by a power cord 90 having at leastone conductor. Furthermore, logic control circuit 92 may be operable fordeactivating the data transfer and power transfer functions of theprogrammable electronic key 20, or alternatively, for activating the“time-out” feature of the key until it is reprogrammed or refreshed bythe programming station 60.

FIGS. 10-17B show another embodiment of a security system and methodincluding a programmable key, a security device, a programming station,and a charging station according to various embodiments of the presentinvention. In this embodiment, the system and method comprise at least aprogrammable electronic key (also referred to herein as a security key)with inductive transfer, indicated generally at 120, and a securitydevice with inductive transfer, indicated generally at 140, that isoperated by the key 120. The programmable electronic key 120 is useablewith any security device or locking device, such as various types ofserver racks as discussed above, with inductive transfer capability thatrequires power transferred from the key to the device by induction, oralternatively, requires data transferred between the key and the deviceand power transferred from the key to the device by induction. Moreover,the electronic key 120 may include the same or similar functionality ofthe key 20 discussed herein.

As illustrated in FIG. 11 , the security system and method may furthercomprise a charging station 180 for initially charging and subsequentlyrecharging a rechargeable battery disposed within the security key 120via inductive transfer. The charging station 180 comprises at least onecharging port 182 sized and shaped to receive a security key 120. Ifdesired, each charging port 182 may comprise mechanical or magneticmeans for properly positioning and securely retaining the key 120 withinthe charging port. By way of example and without limitation, at leastone, and preferably, a plurality of magnets (not shown) may be providedfor positioning and retaining the key 120 within the charging port 182of the charging station 180. However, as will be described further withreference to FIG. 17B, it is only necessary that the inductivetransceiver of the security key 120 is sufficiently aligned with thecorresponding inductive transceiver of the charging station 180 over agenerally planar surface within the charging port 182. Thus, magnets arenot required (as with charging station 80) to position, retain andmaintain electrical contacts provided on the security key 120 inelectrical contact with corresponding electrical contacts provided onthe charging station 180. If desired, the charging station 180 maycomprise an internal power source, for example, an extended-lifereplaceable battery or a rechargeable battery, for providing power tothe key(s) 120 positioned within the charging port(s) 182.Alternatively, and as shown herein, charging station 180 may beoperatively connected to an external power source by a power cord 190having at least one conductor in a conventional manner.

FIG. 12 shows the security device 140 with inductive transfer in greaterdetail. In a particular embodiment, a security device 140 with inductivetransfer according to the invention may both receive electrical powerfrom the security key 120 and communicate (e.g., transmit/receive) theSDC with the key by magnetic induction.

The cabinet lock 140 comprises a housing 141 sized and shaped to containa logic control circuit (not shown) and an internal mechanical lockmechanism (not shown). A transfer port 142 formed in the housing 141 issized and shaped to receive a transfer probe of the security key 120, aswill be described. If desired, the transfer port 142 may comprisemechanical or magnetic means for properly positioning and securelyretaining the key 120 within the transfer port. By way of example andwithout limitation, at least one, and preferably, a plurality of magnets(not shown) may be provided for positioning and retaining the key 120within the transfer port 142 of the cabinet lock 140. However, aspreviously described with respect to the security key 120 and thecharging port 182 of the charging station 180, it is only necessary thatthe inductive transceiver of the security key 120 is sufficientlyaligned with the corresponding inductive transceiver of the cabinet lock140 over a generally planar surface within the transfer port 42.Therefore, magnets are not required to position, retain and maintainelectrical contacts provided on the security key 120 in electricalcontact with corresponding electrical contacts provided on the cabinetlock 140. In the particular embodiment shown and described herein, datais transferred from the security key 120 to the cabinet lock 140 bywireless communication, such as infrared (IR) optical transmission asshown and described in the aforementioned U.S. Pat. No. 7,737,843. Poweris transferred from the security key 120 to the cabinet lock 140 byinduction across the transfer port 142 of the cabinet lock using aninductive transceiver disposed within a transfer probe of the key thatis aligned with a corresponding inductive transceiver disposed withinthe cabinet lock. For example, the transfer probe of the security key120 may comprise an inductive transceiver coil that is electricallyconnected to the logic control circuit of the key to provide electricalpower from the internal battery of the key to an inductive transceivercoil disposed within the cabinet lock 140. The inductive transceivercoil of the cabinet lock 140 then transfers the electrical power fromthe internal battery of the key 120 to the mechanical lock mechanismdisposed within the housing 141 of the cabinet lock. As previouslymentioned, the power transferred from the key 120 is used to unlock themechanical lock mechanism, for example utilizing an electric motor, DCstepper motor, solenoid, or the like, so that the cabinet lock 140 canbe removed from the arm 104 of the lock bracket 105.

FIGS. 13-16 show the programmable electronic key 120 with inductivetransfer in greater detail. As previously mentioned, the key 120 isconfigured to transfer both data and power to a security device 140 thatcomprises an electronic lock mechanism and a mechanical lock mechanism.Accordingly, the programmable electronic key 120 must be an activedevice in the sense that it has an internal power source sufficient tooperate the mechanical lock mechanism of the security device 140. As aresult, the programmable electronic key 120 may be configured totransfer both data and power from an internal source, such as a logiccontrol circuit and a battery disposed within the key. The embodiment ofthe programmable electronic key 120 depicted herein is a security keywith inductive transfer capability configured to be received within thetransfer port 145 of the cabinet lock 140 shown in FIG. 12 , as well asthe programming port 62 of the programming station 60 (FIG. 2 ) and thecharging port 182 of the charging station 180 (FIG. 11 ). Theprogrammable electronic key 120 comprises a logic control circuit forperforming a handshake communication protocol with the logic controlcircuit of the programming station 60 and for receiving the SDC from theprogramming station, as previously described. The logic control circuitof the programmable electronic key 120 further performs a handshakecommunication protocol with the logic control circuit of the securitydevice 140 and transfers the SDC to the security device, as previouslydescribed. In a particular embodiment, a security key 120 with inductivetransfer according to the invention may both transfer electrical powerto a security device 140 and communicate the SDC with the securitydevice by magnetic induction.

The programmable electronic key 120 comprises a housing 121 having aninternal cavity or compartment that contains the internal components ofthe key, including without limitation the logic control circuit, memory,communication system and battery, as will be described. As shown, thehousing 121 is formed by a lower portion 123 and an upper portion 124that are joined together after assembly, for example by ultrasonicwelding. The programmable electronic key 120 further defines an opening128 at one end for coupling the key to a key chain ring, lanyard or thelike. As previously mentioned, the programmable electronic key 120further comprises a transfer probe 125 located at an end of the housing121 opposite the opening 128 for transferring data and power to thesecurity device 140. The transfer probe 125 is also operable to transmitand receive the handshake communication protocol and the SDC from theprogramming station 60, as previously described, and to receive powerfrom the charging station 180, as will be described in greater detailwith reference to FIG. 17A and FIG. 17B.

FIG. 14 shows an embodiment of an inductive coil 126 having highmagnetic permeability that is adapted to be disposed within the housing121 of the electronic key 120 adjacent the transfer probe 125. As shownherein, the inductive coil 126 comprises a highly magnetically permeableferrite core 127 surrounded by a plurality of inductive core windings129. The inductive core windings 129 consist of a length of a conductivewire that is wrapped around the ferrite core. As is well known, passingan alternating current through the conductive wire generates, orinduces, a magnetic field around the inductive core 127. The alternatingcurrent in the inductive core windings 129 may be produced by connectingthe leads 129A and 129B of the conductive wire to the internal batteryof the electronic key 120 through the logic control circuit. FIG. 14further shows an inductive coil 146 having high magnetic permeabilitythat is adapted to be disposed within the housing 141 of the securitydevice (e.g., cabinet lock) 140 adjacent the transfer port 142. As shownherein, the inductive coil 146 comprises a highly magnetically permeableferrite core 147 surrounded by a plurality of inductive core windings149 consisting of a length of a conductive wire that is wrapped aroundthe ferrite core. Placing the transfer probe 125 of the electronic key120 into the transfer port 142 of the cabinet lock 140 and passing analternating current through the inductive core windings 129 of theinductive core 126 generates a magnetic field within the transfer portof the cabinet lock in the vicinity of the inductive coil 146. As aresult, an alternating current is generated, or induced, in theconductive wire of the inductive core windings 149 of inductive coil 146having leads 149A and 149B connected to the logic control circuit of thecabinet lock 140. The alternating current induced in the inductive coil146 of the cabinet lock 140 is then transformed into a direct current ina known manner, such as via a bridge rectifier on the logic controlcircuit, to provide direct current (DC) power to the cabinet lock. TheDC power generated in the cabinet lock 140 by the inductive coil 126 ofthe electronic key 120, may be used, for example, to unlock a mechanicallock mechanism disposed within the housing 141 of the cabinet lock.

As best shown in FIG. 16 , an internal battery 131 and a logic controlcircuit, or printed circuit board (PCB) 132 are disposed within thehousing 121 of the programmable electronic key 120. Battery 131 may be aconventional extended-life replaceable battery, but preferably, is arechargeable battery suitable for use with the charging station 180. Thelogic control circuit 132 is operatively coupled and electricallyconnected to a switch 133 that is actuated by the control button 122provided on the exterior of the key 120 through the housing 121. Controlbutton 122 in conjunction with switch 133 controls certain operations ofthe logic control circuit 132, and in particular, transmission of thedata (e.g., handshake communication protocol and SDC) between the keyand the programming station 60, as well as between the key and thesecurity device 140. In that regard, the logic control circuit 132 isfurther operatively coupled and electrically connected to acommunication system 134 for transferring the handshake communicationprotocol and SDC data. As shown and described herein, the communicationsystem 134 is a wireless infrared (IR) transceiver for opticaltransmission of data between the programmable electronic key 120 and theprogramming station 60, and between the key and the security device 140.As a result, the transfer probe 125 of the key 120 is provided with anoptically transparent or translucent filter window 135 for emitting andcollecting optical transmissions between the key 120 and the programmingstation 60, or between the key and the security device 140, as required.Transfer probe 125 further comprises inductive coil 126 (FIG. 14 )comprising inductive core 127 and inductive core windings 129 fortransferring electrical power to the security device 140 and/orreceiving electrical power from the charging station 180 to charge theinternal battery 131, as required. Accordingly, the leads 129A and 129B(FIG. 14 ) of the inductive coil 126 are electrically connected to thelogic control circuit 132, which in turn is electrically connected tothe battery 131, in a suitable manner, for example by conductiveinsulated wires or plated conductors. Alternatively, the opticaltransceiver 134 may be eliminated and data transferred between theprogrammable electronic key 120 and the security device 140 via magneticinduction through the inductive coil 126.

As noted above, one aspect of a programmable electronic key 120according to the present invention, especially when used for use inconjunction with a security device 140 as described herein, is that thekey does not require a physical force to be exerted by a user on the keyto operate the mechanical lock mechanism of the security device. Inaddition, there is no required orientation of the transfer probe 125 ofthe programmable electronic key 120 relative to the charging port 182 ofthe charging station 180 or the transfer port 142 of the security device140. Accordingly, any wear of the electrical contacts on the transferprobe 125, the charging port 182 or the transfer port 142 is minimized.As a further advantage, an authorized person is not required to positionthe transfer probe 125 of the programmable electronic key 120 in aparticular orientation relative to the transfer port 142 of the securitydevice 140 and thereafter exert a compressive and/or torsional force onthe key to operate the mechanical lock mechanism of the device.

FIG. 17A and FIG. 17B show charging station 180 with inductive transfercapability in greater detail. As previously mentioned, the chargingstation 180 recharges the internal battery 131 of the security key 120.In certain instances, the charging station 180 also deactivates the datatransfer and/or power transfer capability of the key 120 until the keyhas been reprogrammed with the SDC by the programming station 60.Regardless, the charging station 180 comprises a housing 181 forcontaining the internal components of the charging station. The exteriorof the housing 181 has at least one charging port 182 formed thereinthat are sized and shaped to receive the transfer probe 125 of aprogrammable electronic key 120. As previously described, mechanical ormagnetic means may be provided for properly positioning and securelyretaining the transfer probe 125 within the charging port 182 such thatthe inductive coil 126 is in alignment with a corresponding inductivecoil 186 (FIG. 17B) disposed within the housing 181 of the chargingstation 180 adjacent the charging port. As will be readily understoodand appreciated, the inductive coil 186 adjacent the charging port 182of the charging station 180 generates, or induces, an alternatingcurrent in the conductive wire of the inductive core windings 129 ofinductive coil 126 that in turn provides DC power (for example, via abridge rectifier on the logic control circuit 132) to charge the battery131 of the programmable electronic key 120.

As best shown in FIG. 17B, housing 181 is sized and shaped to contain alogic control circuit, or printed circuit board (PCB) 192 that iselectrically connected and operatively coupled to an inductive coil 186adjacent each of the charging ports 182. In the manner previouslydescribed with respect to inductive coli 126 and inductive coil 146,each inductive coil 186 comprises an inductive core 187 surrounded by aplurality of inductive core windings 189 formed by a conductive wirehaving a pair of leads (not shown). When an alternating current ispassed through the conductive wire of the inductive core windings 189with the transfer probe 125 of the programmable electronic key 120disposed in the charging port 182 of the charging station 180, theinductive coil 186 generates a magnetic field that induces analternating current in the conductive wire of the inductive corewindings 129 of the inductive coil 126 of the key. The alternatingcurrent in the inductive coil 126 is then transformed into DC power tocharge the internal battery 131 of the programmable electronic key 120.As previously mentioned, charging station 180 may comprise an internalpower source, for example, an extended-life replaceable battery or arechargeable battery, for providing power to the key(s) 120 positionedwithin the charging port(s) 182. Alternatively, and as shown herein, thelogic control circuit 192 of the charging station 180 is electricallyconnected to an external power source by a power cord 190 having atleast one conductor. Furthermore, logic control circuit 192 may beoperable for deactivating the data transfer and/or power transferfunctions of the programmable electronic key 120, or alternatively, foractivating the “timing out” feature of the key until it is reprogrammedor refreshed by the programming station 60.

In some embodiments, each electronic key 20, 120 is configured to storevarious types of data. For example, each key 20, 120 may store a serialnumber of one or more security devices 40, 140, the data and time ofactivation of the key, a user of the key, a serial number of the key,number of key activations, a type of activation (e.g., “naked”activation, activation transferring only data, activation transferringpower, activation transferring data and power), and/or various events(e.g., a security device has been locked or unlocked). This informationmay be transmitted to a remote location or device (e.g., a backendcomputer) upon each activation of the key 20, 120 or at any otherdesired period of time, such as upon communication with a programmingstation 60 or other back-end device. Thus, the data transfer may occurin predetermined time intervals or in real time or automatically in someembodiments. In some cases, the programming station 60 may be configuredto store the data and transfer the data to a remote location or device.Authorized personnel may use this data to take various actions, such asto audit and monitor key user activity, audit security devices 40, 140(e.g., ensure the security devices are locked), etc. Moreover, suchinformation may be requested and obtained on demand, such as from theprogramming station 60 and/or a remote device.

In other embodiments, the electronic key 20, 120 is configured to obtaindata from a security device 40, 140. For example, the security device40, 140 may store various data regarding past communication with aelectronic key 20, 120 (e.g., key identification, time of communication,etc.), and when a subsequent electronic key communicates with the samesecurity device, the data is transferred to the electronic key. Thus,the security device 40, 140 may include a memory for storing such data.In some cases, the security device 40, 140 includes a power source forreceiving and storing the data, while in other cases, the power providedby the electronic key 20, 120 is used for allowing the merchandisesecurity device to store the data. The electronic key 20, 120 may thencommunicate the data for collection and review, such as at a remotelocation or device. In some instances, communication between theelectronic key 20, 120 and the programming station 60 may allow data tobe pulled from the electronic key and communicated, such as to a remotelocation or device. In other cases, the electronic key 20, 120 may beconfigured to obtain data from security devices 40, 140, such as anidentification of the security device, identification of the itemscontained within or by the security device, and/or the system health ofthe security device and/or the items. The electronic key 20, 120 maystore the data and provide the data to a remote location or device uponcommunication with the programming station 60. As such, the electronickeys 20, 120 may be a useful resource for obtaining various types ofdata from the merchandise security devices 40, 140 without the need forwired connections or complex wireless networks or systems. In otherembodiments, the security devices 40, 140 themselves may includewireless communication capability to allow for transmission of the datato a remote device or location.

In another embodiment, each electronic key 20, 120 may include asecurity code and a serial number for one or more security devices 40,140. For example, a key 20, 120 may only be able to lock or unlock asecurity device 40, 140 where the security codes and the serial numbersmatch one another. In one example, each serial number is unique to asecurity device 40, 140 and could be programmed at the time ofmanufacture or by the retailer. Individual electronic keys 20, 120 maythen be assigned particular serial numbers for authorized securitydevices 40, 140 (e.g., user 1 includes serial numbers 1, 2, 3; user 2includes serial numbers 1, 4, 5). Each of the electronic keys 20, 120may be programmed with the same security code using a programmingstation 60. In order to lock or unlock a merchandise security device 40,140, the electronic key 20, 120 may communicate with a particularsecurity device and determine whether the security codes and the serialnumbers match. If the codes match, the electronic key 20, 120 then locksor unlocks the security device 40, 140.

According to another embodiment, FIG. 18 illustrates a system 200comprising a server rack 202 and a lock 240. In this example, the serverrack 202 includes a cabinet 204 and a door 206 pivotably attached to thecabinet, although other types of server racks and fixtures may be used.The lock 240 is configured to lock the door 206 to the cabinet 204 suchthat the door is incapable of being opened when the lock is locked butis able to be opened when the lock is unlocked. In this embodiment, thelock 240 may includes a latch that is configured to engage the cabinet204 to prevent the door 206 from opening when locked. The latch may beany suitable mechanism configured to move between an engaged positionwith the cabinet 204 and a disengaged position whereby the latch is nolonger in engagement with the cabinet.

In some embodiments, the lock 240 is configured to operate according tothe various embodiments discussed above for the security devices 40,140. For example, the lock 240 may be an electronic lock configured tobe controlled by a key 20, 120 using power and/or data communicationusing various communication protocols. In the illustrated embodiment,the lock 240 may include a transfer port 242 that is configured tofacilitate communication with a key 20, 120 as disclosed above. In otherembodiments, the lock 240 may be configured to be operated using acombination of electrical and mechanical interaction.

In other embodiments, the key 20, 120 may be used for ensuring chain ofcustody. For example, the key 20, 120 may be configured to scan the rackor hardware contained within the rack (e.g., servers or hard drives).For example, each drive could have an NFC label attached thereto (or anyother of a number of devices to be identified), and the key 20, 120 maybe configured to read data on the NFC label. Scanning the NFC label mayresult in the key 20, 120 storing information stored on the label whichmay in turn be stored in the key for auditing purposes. When thetechnician opens the door 206, they may also be required to scan thedrive they are removing, which could likewise be stored on the key 20,120. In the event the server drives are to be destroyed, the key 20, 120may also be configured to scan the drives at the destruction point forstoring additional audit data. Thus, the key 20, 120 can facilitateacquiring more data about when and who accessed a drive, leading to achain of custody for that drive.

In additional embodiments, the system 200 may include a security deviceto detect unauthorized access to a server rack 202. In one example, thesecurity device may be configured to detect removal of a drive containedwithin the server rack 202.

In some embodiments, the security system 200 may include wirelesscommunications for facilitating communication between its variouscomponents (e.g., electronic locks 254, programming stations, and/orkeys 20, 120) and/or one or more remote devices 250. For example, FIG.19 shows that the security system may include a monitoring device 252configured to communicate with one or more electronic locks, keys, and aremote device 250. The monitoring device 252 may be any device (e.g., acontroller, hub, gateway, computer, server, and/or cloud device)configured to communicate with one or more electronic locks and/or keys.For instance, the monitoring device 252 may be a hub configured tocommunicate with a plurality of electronic locks and/or keys. In othercases, the monitoring device 252 may be a computer (e.g., tablet,laptop, or desktop computer) that is configured to communicate with oneor more electronic locks and/or keys and/or one or more hubs 256 tofacilitate data transfer. It is understood that any number of monitoringdevices 252 may be employed in the system. The electronic locks, keys,and/or the monitoring device 252 may include wireless communicationscircuitry for communicating with one another using any desiredcommunications protocol (e.g., Bluetooth, LoRa, Wi-Fi, radiofrequency,etc.). The electronic locks, keys, and monitoring device 252 may belocated remotely from one another (e.g., the electronic locks may belocated in a data center, while the monitoring device may be at alocation that is not in the data center). In some cases, the monitoringdevice 252 may be located at some fixed location in proximity to one ormore electronic locks (e.g., attached to a server rack). In otherinstances, the electronic locks and/or keys and the monitoring device252 may communicate over a cloud network. In some embodiments, theelectronic locks and the monitoring device 18 are electrically connectedvia hard wiring, and the monitoring device may have wirelesscommunications circuitry for communicating with other monitoring devicesor remote devices 250.

The monitoring device 252 may further be configured to facilitatecommunication with one or more remote devices 250 (e.g., a smartphone ortablet) for providing notification regarding various events and/orproviding data. For example, data such as a time, date, server ID, lockID, key ID, user, etc. of access may be stored by the locks and/or keysand communicated between the electronic locks, keys, and/or monitoringdevices to the remote device 250 (e.g., an authorized access attempt).Such communication could occur, for instance, over one or more wirelesscommunication protocols. For instance, a private local network may beused to facilitate communication between the electronic locks, keys, anda monitoring device 18 (e.g., via the LoRa network), and a publicnetwork could be used for communication with the remote device 250(e.g., via a cloud network). In other embodiments, the electronic locksand/or the monitoring device 252 may be configured to generate an alarmsignal should an unauthorized access attempt be detected. In someembodiments, reports may be generated at the remote device 250 which maybe used to collect and manage data regarding each of the electroniclocks and/or keys.

It is generally understood that data centers may use data or mediadrives (e.g., USB, SD, Compact Flash, or SSD) to transfer software,firmware, code and other digital data between computer systems includingvarious components. These drives are often one-time use in that they aredestroyed at the end of the process so that there is minimum opportunityfor the data on them to be intercepted by nefarious actors. There areseveral current issues with this process, one of which is that datadrives are often small and not suited to be used in the destructiondevices used on typical hard drives. For example, the hard drive may beplaced on a conveyor belt for purposes of drive destruction that mayhave gaps that a data drive could fall through. Often the hard driveshave a bar code or QR code that is scanned to confirm destruction. Adata drive is small and may not have sufficient space for a code that iseasily read by the scanners. Also, intermediate storage, such as fromthe server rack to the destruction machine, might be set up toaccommodate typical hard drive sizes, but not smaller data drives. Thus,there exists a need for a data drive to work within the parameters ofthese existing destruction systems.

FIGS. 31-34 show various embodiments of a USB drive 300. In someembodiments, the size of the USB drive 300 (or other media device ordrive) matches the size of a typical solid-state drive (SSD) drive,which is the most commonly used in rack systems and destructionmachines. These SSD cases are approximately 100×70×15 (mm), but othersizes could be viable depending on the machine in use. Thus, the USBdrive 300 may include a case or housing that is the same orsubstantially similar to the size of a conventional SSD drive. Ensuringthat the USB drive 300 is the same size as an SSD case allows the USBdrive to be handled in the same manner as SSD drives are typicallyhandled and with at least the same level of security. In some cases, theUSB drive 300 may be housed or integrated with an SSD case in order tomaintain the ability to plug the USB connector into a wide variety ofdevices. It may not be viable to simply put a connector on the side ofthis SSD case, although this may be done in some cases. In oneembodiment, a USB connector 302 is coupled to the USB drive 300, such asvia a short cable having a connector extending from the case. In oneexample, this connector 302 may be configured to be removably engagedwith the drive 300 such that it does not increase the overall dimensionsof the case. For instance, the USB drive 300 may include a slot or otherrecess 304 configured to receive the connector 302 and associated cabletherein (e.g., compare FIG. 31 to FIG. 33 ). In other cases, the USBconnector 302 may be configured to move relative to the SSD case betweena retracted position relative to the case and an extended positionrelative to the case to thereby allow connection to the computer system.In one embodiment, the USB electronic components are disposed inside theUSB drive, not on the outside of the case or in the connector at the endof the cable.

Another possible issue with current techniques for use of USB drives isdata security of USB drives while in the possession of a technicianperforming maintenance at the data center. A USB drive is very easilyplugged into any computer system, and there are even small handhelddevices that can copy the data of a USB drive easily. In an idealimplementation, the USB drive would be inaccessible by anyone other thanthe technician, and the technician would also be tracked as to whenhe/she was moving data to and from the drive.

Data security of the USB drives can be addressed in different ways. Inone embodiment, the USB drive 300 may be mechanically disabled. This canbe done by preventing the USB connector 302 from communicating to theUSB components inside the SSD case. This may be accomplished by acutting device on a slider that the technician could use once the job iscomplete. The slider could cut anywhere along the electric path from theUSB connector the PCB inside the case thereby eliminating anycommunication between the USB connector and the PCB. The cutter couldalso cut through a pathway on the PCB to break the connection. Finally,the slider may be configured to move into contact with a location on thecircuit board to create a short and thereby render the USB driveuseless. The slider may have a one-way latch or mechanism that oncemoved into position, it could not be physically moved back to itsinitial position.

In other embodiments, techniques may be used destroy the USB drive's 300circuit with electricity. For instance, a fuse could be used on one ofthe circuit lines on the PCB of the USB drive that will blow when a highvoltage is applied to it. Alternately, voltage that is abovespecification could be applied directly to the pins of a microchip,causing it to burn up. There are several ways this power could beapplied. The USB connector 302 could be configured to connect to aspecial device that delivers high current through the connector.Alternately, power could be delivered wirelessly from a device (e.g.,through a pick-up coil). In order to not have accidental destruction, atwo-factor intent would be beneficial. For example, pushing a button onthe USB drive 300 or other actuator while presenting the voltageinjection could be used for such a purpose.

In another embodiment of the invention, the USB drive 300 is incapableof being used by the technician until the USB drive is successfullyactivated or otherwise authenticated. In one example, a security key maybe used to activate a USB drive. A mechanical key could be used in somecases, but an electronic key may have additional benefits. Theelectronic key may take many different forms such as those discussedabove, as well as an RFID badge, an NFC reader, a device with IRtransceivers, etc. In one example, an NFC reader is configured tocommunicate an activation signal. This activation signal could bewriting a bit to the NFC tag, or a wireless or wireless signal delivereddirectly to the USB components within the USB drive. In this example,each USB drive may have an NFC tag with a unique serial number or otheridentifier.

As noted above, the key may be electronic key 20, 120. The electronickey 20, 120 may be authenticated for the particular user using variousauthentication techniques, which would grant the user permissions to usethe USB drives 300. In operation according to one embodiment, the USBdrive defaults to a disabled mode. Once the USB drive 300 is pluggedinto a port of the server component and receives power, the electronickey 20, 120 may be used to authenticate the user and then enable thedrive, such as via a socket on the USB drive housing. The USB drive 300may then latch “ON” so long as it remains powered. FIG. 32 shows variousmodes of operation where the USB drive is disabled, then authenticatedfor use, and then subsequently disabled. Alternatively, the key 20, 120may be presented to the USB drive 300 prior to connection with the portof the server component in order to enable the USB drive. When the USBdrive 300 is unplugged from the USB port, it may be configured toautomatically return to a disabled mode. Thus, the technician would berequired to authenticate the USB drive 300 at every computer componentthe drive is connected into. In addition to authentication, theelectronic key 20, 120 may be configured to read the NFC tag (or anotheridentifier 308 such as a UPC code) from the drive and then deliver thatinformation along with the identity of the key owner to a remote device250. In this way, the user of the drive 300 can be tracked and auditedat every usage. In some cases, the USB drive 300 may include a seal 306or the like that is configured to be removed prior to use and accessingthe connector 302 (see, e.g., FIG. 33 ) so that the technician knowsthat the USB drive is unused. Because the computer systems within thedata center are also connected, the USB connection can be confirmed onboth sides of the transaction (i.e., by the electronic key 20, 120 andalso by the server component the drive 300 was plugged into). Thus, anynefarious behavior can quickly be discovered. If, for example, anelectronic key 20, 120 reported that a drive 300 was authenticated andin use, but the component did not report being connected to the drive,the implication is that the drive was plugged into an unauthorizeddevice and thus the data may have been compromised. Various forms ofauthentication between the USB drive 300 and the electronic key 20, 120may be used, such as any of the techniques (or combinations thereof)disclosed above. For instance, the electronic key 20, 120 may beconfigured to provide power to the USB drive which allows the USB driveto communicate with the component of the server rack. Moreover, the USBdrive 300 may include a transfer port 42, 142 similar to that describedabove to facilitate communication with an electronic key 20, 120.

As noted above, various components within a data center may be destroyedto prevent authorized access to such components and data stored thereon.For instance, conventional destruction may occur by physicallydestroying the components. However, there is no definitive way toconfirm that the components have indeed been destroyed and what happenedprior to destruction since it is a technician who is tasked withdestroying the components without any accurate chain of custody. In theembodiments discussed where a key is required to enable a USB drive foruse, destruction may not be required since the USB drive is unusablewithout a key. In other embodiments, chain of custody may be improved byemploying lockable enclosures 400 or secure sleeves for enclosing media410 and that may include an identifier 402 (e.g., QR code) (see, e.g.,FIGS. 20-30 ). For example, the lockable enclosures 400 may have aone-way latch 404 that prevents the enclosures from being unlocked afterthe latch is moved to a latched position. It is understood that theone-way latch 404 may take many forms, such as that shown in FIGS. 35-38, or alternatively any number of engagement members (e.g., one-waysnaps, detents, or the like) that prevent media 410 from being removedonce received by the lockable enclosure 400. For example, the one-waylatch 404 may include one or more engagement members 408 configured toengage with one another when the latch is closed, such as by rotatingrelative to one another from an open position to a closed, engagedposition. In other examples, the lockable enclosure 400 may beconfigured to receive the media 410 in such a way that the media cannotbe removed without damaging or destroying the lockable enclosure and/ormedia.

Moreover, the identifier 402 may also take many forms, such as a labelwith a QR or UPC code, which may be placed over the one-way latch (see,e.g., FIG. 37 ). Thus, identifier may be located in such a way thatattempting to open the one-way latch 404 may damage the identifier. Theidentifier 402 may only be accessible when the lockable enclosure 400 issuccessfully latched in some embodiments (e.g., compare FIG. 26 to FIG.27 ). In other cases, a key 20, 120 may be used to lock the enclosure,or a remote device 250 in other embodiments. The identifier 402 of eachof the lockable enclosure 400 and the media 410 (e.g., SSD or USB drive)may then be required to be scanned or photographed together before thelockable enclosure is confirmed as being secure and ready to bedestroyed (see, e.g., FIG. 28 ). If the media 410 is moved to adifferent lockable enclosure 400, scanning the enclosure's identifier402 and the media's identifier 402 may reveal that a possible tamper hastaken place (see, e.g., FIG. 30 ). In one embodiment, the lockableenclosures 400 may be required to be inserted within a secure bin 406(see, e.g., FIG. 20 ). This secure bin 406 may include access control aswell, such as to log when a particular lockable enclosure 400 isinserted therein. In some instances, the lockable enclosures 400 aresingle use and may be destroyed along with the media 410. In othercases, the lockable enclosures 400 may be “smart” and reusable, such aswhere the enclosures are configured to communicate with an electronickey 20, 120. In this example, the lockable enclosure 400 may beconfigured to be unlocked to remove the media 410 at the time ofdestroying the media. In some cases, a scanner station may be used tounlock the lockable enclosure 400, remove the media 410, and destroy themedia.

FIG. 39 illustrates another embodiment of a lockable enclosure 500,sometimes referred to as a secure sleeve or case. In general, thelockable enclosure 500 is configured to retain a new data or media driveprior to the old data drive being discarded with the lockable enclosure.For example, the old data drive 504 may be a drive removed from a serverrack that is to be replaced with a new data drive 506. The lockableenclosure 500 may be configured to operate in a one-in-one-out fashionsuch that a new data drive cannot be accessed until the old data driveis secured within the enclosure. Thus, in some embodiments, the new datadrive cannot be dispensed until the old data drive is secure. Thisone-in-one-out configuration may also allow the technician to easilydetermine which data drive is old and which is new. FIG. 39 illustratesthat the lockable enclosure 500 includes a housing that contains a latch502 configured to slide or otherwise move within the housing. Thelockable enclosure 500 may house the latch 502 therein such that thelatch is unable to be removed. The lockable enclosure 500 may be formedof a clear polymeric material (e.g., polycarbonate) and may be formed ofone or more components, such as an upper housing and a lower housingthat are attached to one another, such as in a permanent manner (e.g.,via ultrasonic welding). Comparing FIGS. 41 and 42 (a portion of thehousing has been removed for illustration), it is shown that the latch502 may be configured to slide between a first position for receiving adata drive and a second position within the lockable enclosure 500 fordispensing a data drive.

In one embodiment, the latch 502 may be configured to receive an olddata drive 504 therein (see FIG. 44 ), and the lockable enclosure 500may be configured to house a new data drive 506 therein (see FIG. 43 ).Thus, the lockable enclosure 500 may include a new data drive 506 thatis already present, which may for example be provided duringmanufacturing and assembly of the lockable enclosure. The latch 502 mayinclude one or more flexible members 508 (e.g., a pair) configured to bebiased or flexed when the old data drive 504 is inserted therein. Theflexible members 508 may include tines or like engagement members 510 ata free end thereof that are configured to align with and engage one ormore corresponding slots or channels 512 defined in the lockableenclosure 500. In this way, the engagement members 510 are configured toslide within the slots 512. In some cases, the engagement members 510may be incapable of engaging the slots 512 until a data drive has beeninserted within the latch 502. Thus, the latch 502 may be incapable ofsliding within the lockable enclosure 500 until a data drive isinserted. For example, insertion of an old data drive 504 within thelatch 502 may cause the flexible members 508 to bias outwardly to alignthe engagement members 510 with the slots 512 when a data drive with theappropriate width is inserted therein. In certain aspects, the latch 502may be capable of sliding in only one direction and cannot be slid in anopposite direction. The lockable enclosure 500 may include one or moreribs 514 that are configured to block the latch 502 from sliding in anopposite direction. As such, embodiments of the present invention mayprovide features that make defeating the lockable enclosure 500difficult, such as attempted picking of the lockable enclosure. In thisexample, two tools would be needed to engage the flexible members 508 soas to align them with the slots 5120 to defeat the lockable enclosure500 which may be difficult to accomplish.

FIG. 43 shows an example of a new data drive 506 positioned within thelockable enclosure 500. The lockable enclosure 500 may define an opening516 configured to receive an old data drive 504 therein. As shown, theopening 516 may be defined in a top surface of the lockable enclosure500 and sized to receive the old data drive 504 and facilitateengagement with the latch 502. When the old data drive 504 is inserted,a user is able to push the latch 502 in a direction towards the new datadrive 506. As the latch 502 progresses within the lockable enclosure500, the new data drive 506 is pushed out of an opening 522 defined inthe lockable enclosure (see. FIG. 45 ). For instance, as shown, the endof the lockable enclosure 500 may define an opening 522 that is sized toallow the new data drive 506 to fit through the opening. As noted above,the latch 502 cannot be reversed and moved in an opposite direction.Moreover, the latch 502 may be configured to surround the data drive 504such that any electrical contacts or pins on the data drive areincapable of being accessed once the data drive is inserted therein. Inthis way, the contacts of the data drive 504 cannot be accessed by anunauthorized person. Once the new data drive 506 has been removed (seeFIG. 46 ), the old data drive 504 is retained within the lockableenclosure 500 and cannot be removed without damaging the enclosure. Insome cases, the lockable enclosure 500 and old data drive 504 retainedtherein may be destroyed as discussed above. The old data drive 504 maybe held in place within the lockable enclosure 500 by any number ofmeans, such as for example, a friction fit, crush ribs, breakable tinesor any other means that prevents the data drive from being removed. Insome instances, the old data drive 504 may be recessed into the lockableenclosure 500, and the lockable enclosure may have a tight fit aroundthe data drive such that it is difficult to access or remove the datadrive using tools or fingers or by impact to the outside of theenclosure. In some embodiments, sliding the latch 502 from the firstposition to the second position may reveal a UPC, QR, barcode, serialnumber, or like identifier 518 for identifying the lockable enclosure500 (see FIG. 46 ) and in some cases correlating the lockable enclosurewith the old data drive 506 for chain of custody, as described above.

Although embodiments of the present invention describe a latch 502 thatis configured to slide within the lockable enclosure 500, it isunderstood that different configurations may be employed utilizing aone-in-one-out feature. For example, FIG. 40 shows an embodiment of alockable enclosure 500 that employs a cam 520 configured to rotate.Thus, in some cases, the latch may be a cam or other rotatablemechanism. In this design, the cam 520 may be configured to rotate bythe act of inserting the old data drive 504, and the rotation wouldcause the new data drive 506 to be dispensed. Similar to the embodimentsdisclosed above, a latch with engagement members may be configured toprevent the cam from rotating unless a data drive with the correct widthis inserted into the lockable enclosure. Moreover, it is understood thatany number of types and sizes of data drives may be used in differentembodiments. For instance, FIG. 40 illustrates that rather than an olddata drive and a new data drive being positioned end-to-end to oneanother, the drives could be configured to be placed such that one datadrive overlies the other data drive or that the drives are configured toslide relative to one another in an overlying manner.

FIGS. 47-50 illustrate additional embodiments of the present invention.In this regard, FIG. 47 shows an embodiment of a lockable enclosuresuitable for a compact flash drive, FIG. 48 shows an embodiment of alockable enclosure suitable for an SD card, FIG. 49 shows an embodimentof a lockable enclosure suitable for a SSD drive, and FIG. 50 shows anembodiment of a lockable enclosure suitable for an USB drive. FIGS.47-48 include features similar to the lockable enclosure 500 describedabove with respect to the embodiments of FIGS. 41-46 . Thus, embodimentsof lockable enclosures are configured to use with any number of desiredmedia.

FIG. 49 illustrates an alternative embodiment for a lockable enclosure600. In this embodiment, the lockable enclosure 600 may also operatesimilar to that described above (i.e., one-in-one out) but is configuredfor use with larger data drives without necessarily increasing the sizeof the lockable enclosure. The latch 602 may be configured to engage oneor more engagement members 604 on the data drive 506 itself (e.g., holesdefined on opposite sides of an SSD drive). Thus, the latch 602 mayinclude engagement members 606 that are configured to engage theengagement members 604 of the data drive 506. As before, when an olddata drive 504 is inserted within the housing, the latch 602 isconfigured to move within the housing to dispense the new data drive506. In some cases, the latch 602 includes a pair of movable members 608that are configured to move when an old data drive 504 is insertedwithin the housing. The movable members 608 may be spring biased towardsan engaged position with the data drive 506 in some instances. Theengagement members 606 may be operably engaged with the movable members608 such that as the old data drive 504 is inserted within the housing,the movable members move to disengage the engagement members 604, 606from one another. In one embodiment, the new data drive 506 may beconfigured to be partially displaced from the housing while theengagement members 604, 606 are still engaged with one another. Thus,even though the new data drive 506 may be partially positioned outsidethe housing, the user is incapable of removing the new data drive untilthe old data drive 504 is fully positioned within the housing due toengagement between the latch 602 and the housing. In some embodiments,the latch 602 may be configured to engage the engagement members 604 ofthe data drive 504 when the data drive is inserted within the housing sothat the old data drive is incapable of being backed out or otherwiseremoved from the housing. In some cases, the movable members 608 may beconfigured to pivot between engaged and disengaged positions with thenew data drive 506, such as via sliding of the latch 602 relative to thehousing as the old data drive 506 is inserted within the housing. Inother embodiments, the movable members 608 may be flexible andconfigured to flex between engaged and disengaged positions.

Moreover, FIG. 50 shows an embodiment of a lockable enclosure 700. Inthis embodiment, the data drive 702 may be configured to be housedwithin the housing in a first position in which the data drive is ableto be removed. Thus, a user is able to freely remove the data drive 702for use. In addition, the data drive 702 may be tethered to the housing,such as via a cable 704, wire, or the like. For example, a cable 704 maybe attached to the data drive 702 at one end and attached to the housingat an opposite end. When the data drive 702 is ready to be discarded,the data drive 702 is configured to be reinserted within the housing ina second position. The second position may be a different position thanthe first position, e.g., the data drive may sit lower within thehousing in the second position compared to the first position. In thesecond position, a latch 706 is configured to be moved to secure thedata drive 702 within the housing. In some cases, the latch 706 isincapable of being moved relative to the housing when the data drive 702is in the first position. Thus, in the second position, the data drive702 may be incapable of being removed from the housing without damagingthe lockable enclosure 700 or the data drive. Moreover, in some cases,the latch 706 may be a one-way latch that is incapable of being movedback to reveal the data drive 702 once in the second position.

Embodiments of the present invention may utilize similar technology asthat disclosed in PCT Publication No. WO 2020/227513, U.S. Pat. No.11,361,635, PCT Publication No. WO 2022/027021, U.S. Publ. No.2022/0166785, International Appl. No. PCT/US2021/064837, U.S.Provisional Appl. No. 63/059,280, U.S. Provisional Appl. No. 63/187,747,and U.S. Provisional Appl. No. 63/131,887, the contents of which areeach hereby incorporated by reference in their entirety herein.

The foregoing has described several embodiments of systems, devices,locks, keys, devices, lockable enclosures, computer storage mediums, andmethods. Although embodiments of the present invention have been shownand described, it will be apparent to those skilled in the art thatvarious modifications thereto can be made without departing from thespirit and scope of the invention. Accordingly, the foregoingdescription is provided for the purpose of illustration only, and notfor the purpose of limitation.

That which is claimed is:
 1. A lockable enclosure for a data drive, thelockable enclosure comprising: a housing configured to house a firstdata drive, the first data drive configured to be removed from thehousing; and a latch contained within the housing and configured toreceive a second data drive, wherein the latch is configured to move inonly one direction within the housing for dispensing the first datadrive from the housing while the second data drive remains securedtherein, wherein the latch is configured to move between a predeterminedfirst position for receiving the second data drive and a predeterminedsecond position for dispensing the first data drive, and wherein in thefirst predetermined position, the first data drive is inaccessible, andwherein in the second predetermined position, the first data drive isaccessible, wherein the second data drive is incapable of being removedfrom the housing without damaging or destroying the housing after thefirst data drive has been dispensed from the housing, and wherein thefirst data drive is incapable of being removed from the housing withoutdamaging or destroying the housing before receiving the second datadrive within the housing.
 2. The lockable enclosure of claim 1, whereinthe latch is configured to slide within the housing.
 3. The lockableenclosure of claim 1, wherein the latch is configured to move within thehousing only when the housing receives the second data drive.
 4. Thelockable enclosure of claim 1, wherein the latch is configured toreceive the second data drive for moving the second data drive withinthe housing.
 5. The lockable enclosure of claim 4, wherein the latchcomprises at least one flexible member configured to be biased inresponse to receiving the second data drive.
 6. The lockable enclosureof claim 5, wherein the at least one flexible member comprises anengagement member, and wherein the housing comprises at least one slotconfigured to align with the engagement member when the latch receivesthe second data drive therein.
 7. The lockable enclosure of claim 6,wherein the latch comprises a pair of flexible members and associatedengagement members, and wherein the housing comprises a pair ofcorresponding slots.
 8. The lockable enclosure of claim 1, wherein thelatch is configured to rotate within the housing.
 9. The lockableenclosure of claim 1, wherein the first data drive comprises asolid-state drive, and wherein the second data drive comprises asolid-state drive.
 10. The lockable enclosure of claim 1, furthercomprising an identifier for identifying the lockable enclosure, andwherein the identifier is only visible when the latch has been moved todispense the first data drive.
 11. The lockable enclosure of claim 1,wherein the first data drive is secured within the housing prior to thelatch receiving the second data drive.
 12. A lockable enclosure for adata drive, the lockable enclosure comprising: a housing configured tocontain a first data drive, the first data drive configured to beremoved from the housing, wherein the housing is configured to receive asecond data drive, and wherein the first data drive is only configuredto be removed from the housing when the second data drive is securedtherein; and a latch contained within the housing and configured toreceive the second data drive, wherein the latch is configured to moveonly one way within the housing for dispensing the first data drive fromthe housing while the second data drive remains secured therein, whereinthe second data drive is incapable of being removed from the housingwithout damaging or destroying the housing when secured within thehousing, wherein the latch is configured to move within the housing fordispensing the second data drive from the housing only while the firstdata drive remains secured therein.
 13. A method for securing anddispensing data drives, the method comprising: providing a housingcontaining a latch, the housing containing a first data drive in aninaccessible state while the latch is in a first predetermined position;inserting a second data drive within the housing such that the latchengages the second data drive in the first predetermined position;moving the latch within the housing to a second predetermined positionfor securing the second data drive within the housing such that thesecond data drive is incapable of being removed from the housing withoutdamaging or destroying the housing when secured within the housing inthe second predetermined position, wherein the latch is incapable ofbeing moved from the second predetermined position to the firstpredetermined position, and wherein moving comprises moving the latchwithin the housing for dispensing the first data drive from the housingonly while the second data drive remains secured therein.
 14. The methodof claim 13, wherein moving comprises sliding the latch containing thesecond data drive.